Holographic Projection and Cyber Attack Surface: a Physical Analogy for Digital Security

This article presents an in-depth exploration of the analogy between the Holographic Principle in theoretical physics and cyber attack surfaces in digital security. Building on concepts such as black hole entropy and AdS/CFT duality, it highlights how complex infrastructures project their...

The Shift from Vulnerability Management to Exposure Management

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Your vulnerability management program is optimized for the wrong war. You're counting patches whil...

Building a Security Operations Center for the Cloud: Key Considerations for People, Processes, and Technology

As cloud adoption accelerates, security operations teams must rethink their people, processes, and technology to enable effective Cloud Detection and Response CDR and secure their evolving cloud attack surface...

How to Build a Lean Security Model: 5 Lessons from River Island

In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highl...

Patch Tuesday, June 2025 Edition

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now...

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks

Behind every security alert is a bigger story. Sometimes it's a system being tested. Sometimes it's trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we're looking beyond the surface to spot what really matters. Whether it's poor design, hidden...

Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise

You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned...

India's Cyber Leaders Prepare for AI-Driven Threats

As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders in Mumbai, Delhi, and Bengaluru to address the most pressing cyber threats faci...

Qualys Recognized as The Leader in Attack Surface Management by KuppingerCole

In today’s ever-evolving security landscape, organizations face an unprecedented expansion of digital assets—and with that expansion comes a growing attack surface. We're proud to announce that Qualys has been named The Leader in the2025 KuppingerCole Leadership Compass for Attack Surface...

Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact

Imagine hiring a professional security team to guard your home — only to discover they’re doing so by monitoring camera feeds from only the front of the house — securing the front door but blissfully unaware of the unlocked window in the back. That’s what many organizations face today when relyin...

CVE-2025-48414

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface...

CVE-2024-49383

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 Linux, Windows before build 38690...

CVE-2018-0898

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2018-0899

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2020-1378

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2023-41742

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30430, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...

CVE-2023-0435

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

The Windows Registry Adventure #7: Attack surface analysis

Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this...

CVE-2021-32756

ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...

CVE-2020-15378

The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface...